© Cengage Learning 2017
Objectives
After completing this chapter, you will be able to:
• Describe the role of an ethical hacker
• Describe what you can do legally as an ethical hacker
• Describe what you can’t do as an ethical hacker
Hands-On Ethical Hacking and Network Defense, 3rd Edition
Introduction to Ethical Hacking
• Ethical hackers
– Hired by companies to perform penetration tests
• Penetration test
– Attempt to break into a company’s network to find the weakest link
• Vulnerability assessment
– Tester attempts to enumerate all vulnerabilities found in an application or on a system
• Security test
– Besides a break-in attempt, includes analyzing the company’s security policy and procedures
The Role of Security and Penetration Testers
• Hackers
– Access a computer system or network without authorization
• Breaks the law; can go to prison
• Crackers
– Break into systems to steal or destroy data
• U.S. Department of Justice calls both hackers
• Ethical hacker
– Performs most of the same activities with the owner’s permission
The Role of Security and Penetration Testers
• Script kiddies or packet monkeys
– Younger, inexperienced hackers who copy code from knowledgeable hackers
• Programming languages used by experienced penetration testers
– Python, Ruby, Practical Extraction and Report Language (Perl), C language
• Script
– Set of instructions
– Runs in sequence to perform tasks
The Role of Security and Penetration Testers
• Hacktivist
– A person who hacks computer systems for political or social reasons
• Penetration testers usually have:
– A laptop computer with multiple OSs and hacking tools
The Role of Security and Penetration Testers
• Job requirements for a penetration tester might include:
– Perform vulnerability, attack, and penetration assessments in Intranet and wireless environments
– Perform discovery and scanning for open ports
– Apply appropriate exploits to gain access
– Participate in activities involving application penetration
– Produce reports documenting discoveries
– Debrief with the client at the conclusion
Penetration-Testing Methodologies
• White box model
– Tester is told about network topology and technology
• May be given a floor plan
– Tester is permitted to interview IT personnel and company employees
• Makes the tester’s job a little easier
• Black box model
– Staff does not know about the test
– Tester is not given details about technologies used
• Burden is on the tester to find details
– Tests security personnel’s ability to detect an attack
Penetration-Testing Methodologies
Figure 1-1 A sample floor plan
Penetration-Testing Methodologies
• Gray box model
– Hybrid of the white and black box models
– Company gives the tester partial information (e.g., which OSs are used, but no network diagrams)
Certification Programs for Network Security Personnel
• Certification programs
– Available in almost every area of network security
• Minimum certification
– CompTIA Security+ or equivalent knowledge
• Prerequisite for Security+ certification is CompTIA Network+
Offensive Security Certified Professional
• OSCP
– An advanced certification that requires students to demonstrate hands-on abilities to earn their certificates
– Covers network and application exploits
– Gives students experience in developing rudimentary buffer overflows, writing scripts to collect and manipulate data, and trying exploits on vulnerable systems
Certified Ethical Hacker
• Developed by the International Council of Electronic Commerce Consultants (EC-Council)
– Based on 22 domains (subject areas)
– Web site: www.eccouncil.org
• Most likely to be placed on a team that conducts penetration tests
– Called a Red team
• Conducts penetration tests
• Composed of people with varied skills
• Unlikely that one person will perform all tests
OSSTMM Professional Security Tester (OPST)
• Open Source Security Testing Methodology Manual (OSSTMM) Professional Security Tester
– Designated by the Institute for Security and Open Methodologies (ISECOM)
– Based on the Open Source Security Testing Methodology Manual (OSSTMM)
• Written by Peter Herzog
– Five main topics (i.e., professional, enumeration, assessments, application, and verification)
– Web site: www.isecom.org
Certified Information Systems Security Professional
• CISSP
– Issued by the International Information Systems Security Certification Consortium (ISC2)
– Not geared toward technical IT professionals
– Tests security-related managerial skills
• Usually more concerned with policies and procedures
– Consists of ten domains
– Web site: www.isc2.org
SANS Institute
• SysAdmin, Audit, Network, Security (SANS) Institute
– Offers training and IT security certifications through Global Information Assurance Certification (GIAC)
• Top 25 Software Errors list
– One of the most popular SANS Institute documents
– Details the most common network exploits
– Suggests ways of correcting vulnerabilities
– Web site: www.sans.org
Which Certification is Best?
• Penetration testers and security testers
– Need technical skills to perform duties effectively
– Must also have:
• A good understanding of networks and the role of management in an organization
• Skills in writing and verbal communication
• Desire to continue learning
• Danger of certification exams
– Some participants simply memorize terminology
• Don’t have a good grasp of the subject matter
What Can You Do Legally
• Laws involving technology change as rapidly as technology itself
– Keep abreast of what’s happening in your area
• Find out what is legal for you locally
– Be aware of what is allowed and what you should not or cannot do
• Laws vary from state to state and country to country
– Example: In some states, the possession of lockpicking tools constitutes a crime
Laws of the Land
• Some hacking tools on your computer might be illegal
– Contact local law enforcement agencies before installing hacking tools
• Laws are written to protect society
– Written words are open to interpretation
– Example: In Hawaii, the state must prove the person charged had the “intent to commit a crime”
• Government is getting more serious about cybercrime punishment
Laws of the Land
Table 1-1 An overview of recent hacking cases (continues)
Table 1-1 An overview of recent hacking cases (cont’d)
Is Port Scanning Legal?
• Some states consider it legal
– Not always the case
– Be prudent before using penetration-testing tools
• Federal government does not see it as a violation
– Allows each state to address it separately
• Research state laws
• Read your ISP’s “Acceptable Use Policy”
Is Port Scanning Legal?
Figure 1-2 An example of an acceptable use policy
• IRC “bot”
– Program that sends automatic responses to users
– Gives the appearance of a person being present
• Some ISPs may prohibit the use of IRC bots
What You Cannot Do Legally
• Illegal actions:
– Accessing a computer without permission
– Destroying data without permission
– Copying information without permission
– Installing viruses that deny users access to network resources
• Be careful your actions do not prevent the client’s employees from doing their jobs
Get It In Writing
• Using a contract is good business
– May be useful in court
• Books on working as an independent contractor
– Getting Started as an Independent Computer Consultant by Mitch Paioff and Melanie Mulhall
– The Consulting Bible: Everything You Need to Know to Create and Expand a Seven-Figure Consulting Practice by Alan Weiss
• Internet can also be a helpful resource
– Free modifiable templates
• Have an attorney read your contract before signing
Ethical Hacking in a Nutshell
• Skills needed to be a security tester
– Knowledge of network and computer technology
– Ability to communicate with management and IT personnel
– An understanding of the laws in your location
– Ability to apply the necessary tools to perform your tasks
Summary
• Companies hire ethical hackers to perform penetration tests
– Penetration tests discover vulnerabilities in a network
– Security tests are performed by a team of people with varied skills
• Penetration test models
– White box model
– Black box model
– Gray box model
Summary
• Security testers can earn certifications
– CEH
– CISSP
– OPST
• As a security tester, be aware of
– What you are legally allowed or not allowed to do
• ISPs may have an acceptable use policy
– May limit your ability to use tools
Summary
• Laws should be understood before conducting a security test
– Federal laws
– State laws
• Get it in writing
– Use a contract
– Have an attorney read the contract
• Understand the tools available to conduct security tests
– Learning how to use them should be a focused and methodical process